ABSTRACT

This paper presents a new approach to determine the conditions that
ensure diagnosability properties in complex systems. In previous approaches, a
fault-test relationship is assumed and all diagnosability conditions depend on
both this relationship and the desired diagnosability property. In our approach,
such assumptions are not required, so that diagnosability conditions depend
only on the desired diagnosability property.

This method uses a new system-level fault model having both internal and
observable test outcomes and allowing multiple test outcomes to be associated
with each fault situation. By defining different sets of internal test outcomes,
one can represent the desirable diagnostic properties of the model.

In this paper, diagnosability conditions for models possessing morphic
properties are given. As an example, the conditions are applied to the fault model
of Preparata, Metze and Chien. The results obtained demonstrate that 1) new
diagnosability conditions can be determined and 2) the previous diagnosability
conditions can be reconstructed and applied to a larger class of fault models.
1. INTRODUCTION

One of the most challenging problems currently facing the electronics
industry is that of designing systems and tests for the detection and diagnosis of
failures. There are two primary causes of this problem: 1) the increased
complexity of systems has greatly increased the number of possible fault situations,
and 2) the reduced accessibility of the circuit due to higher density components
has reduced the availability of test results. Both causes increase the likelihood
of multiple failures.

Previous approaches have addressed this system design and test generation
problem by using a system-level fault model [FRI80] to describe the
relationship between fault situations and test outcomes. Such models effectively
reduce the number of fault situations by treating a large aggregation of failures
as a single complex fault situation. Test results from these fault situations are
compactly represented in order to reduce the volume of test data. These
models are thus vehicles for examining the diagnosability of a system and
improving the selection of tests.

This paper presents a new approach to determine the conditions that
ensure diagnosability properties in complex systems. In previous approaches, a
fault-test relationship is assumed and all diagnosability conditions depend on
both this relationship and the desired diagnosability property. In our approach,
such assumptions are not required, so that diagnosability conditions depend
only on the desired diagnosability property. Since guidelines for system
testability are derived from diagnosability conditions, the guidelines developed from
this new approach are not limited by an assumed fault-test relationship.

The approach uses a new system-level fault model to represent
relationships between faults and test outcomes. By permitting multiple test outcomes
to be associated with each fault situation, this model can represent a large
aggregation of failures as a single system-level fault situation. Additional
structure is introduced by using both internal and observable test outcomes.
Internal test outcomes play a role analogous to that of state variables in linear
system models by allowing the representation and analysis of properties that may
not be directly observable. By defining different sets of internal test outcomes,
one can represent the desirable diagnostic properties of the model.

The application of this new approach is demonstrated by determining
diagnosability conditions for multiple fault diagnosis. Efficient analysis of multiple
faults is provided by models possessing morphic properties. These properties
allow one to determine multiple fault test outcomes from the outcomes of the
single fault components. As an example, we apply the conditions to the fault
model of Preparata, Metze and Chien [PRE67]. The results obtained
demonstrate that 1) new diagnosability conditions can be determined and 2) the
previous diagnosability conditions can be reconstructed and applied to a larger class
of fault models.


2. FAULT MODEL DEFINITION

For a typical fault model, a set of fault situations is given and a set of
observable syndromes representing the possible results of a testing procedure is
defined. Thus, the typical fault model is described by the three-tuple
$(A, Y^p, \phi(\cdot))$, where $A$ is a set of fault situations, $Y^p$ is a set of observable
syndromes and $\phi(\cdot)$ is a map from $A$ into $Y^p$.

In contrast to the typical fault model, the model defined in this paper is
described by the quintuple $(A, Z^p, Y^p, G(\cdot), H(\cdot))$, where $A$ is a set of admissible
fault situations, $Z^p$ is a set of internal syndromes, $Y^p$ is a set of observable
syndromes, $G(\cdot)$ is a map that relates fault situations and internal syndromes, and
$H(\cdot)$ is a map that relates internal syndromes and observable syndromes.

Clearly, all typical fault models may be represented by choosing $H(\cdot)$ as the
identity map, and letting $G(\cdot) = \phi(\cdot)$. It is possible, however, to introduce
additional structure into this model by using various sets of internal syndromes
and maps $H(\cdot)$. As a result, a specific model has multiple representations,
some of which are more convenient for analyzing and deriving diagnosability
conditions.

We will now define precisely the components of the fault model. To
facilitate the definition of fault situations, we define a set of distinct elementary fault
situations

$$E = \{f_1, f_2, \ldots, f_n\},$$

where the fault situations $f_i$, $i = 1, 2, \ldots, n$, are elementary only in the sense
that there is no need to isolate failures more precisely. As a result, an
elementary fault situation may represent an aggregation of distinct failure modes, each
of which may have a different effect on the overall operation of the system.

Let $A_n$ be the family of all subsets of $E$. The empty subset represents the
nonfaulty mode of the system and is denoted by $F_0$. All possible fault
situations are represented by elements in $A_n$; however, in many cases it is desirable
to restrict the analysis to a subset of the possible fault situations. Let $A \subseteq A_n$
be the set of admissible fault situations, that is, it is assumed that only these
fault situations may occur. Often, the admissible fault situations are defined as
the subsets of $E$ that have cardinality less than or equal to an integer $\tau$,
$1 \le \tau \le n$. In this case, denote $A_\tau \subseteq A_n$ as the set of fault situations defined
by

$$A_\tau = \{ F \in A_n \mid |F| \le \tau \}.$$

The union of two fault situations, $F_i \cup F_j$, represents the fault situation
consisting of all elementary faults in $F_i$ and $F_j$. Similarly, the intersection
$F_i \cap F_j$ represents the fault situation consisting of only those elementary faults
common to both $F_i$ and $F_j$.

Associated with the system is a testing procedure consisting of a set of $p$
tests,

$$T = \{t_1, t_2, \ldots, t_p\}.$$

The outcome of test $t_j$ is denoted by a variable $x_j$ that takes values in a set $Z$.
We have assumed that $Z$ is finite, therefore let $Z$ be the set

$$Z = \{0, 1, 2, \ldots, q-1\}.$$

The test outcome '0' represents the behavior of each test in the presence of
fault situation $F_0$. Clearly, in order for the model to provide useful
information, it is necessary that $q \ge 2$. When $q = 2$, a test that produces outcome '0'
is said to pass, and a test producing outcome '1' is said to fail.
The set of test outcomes for a single application of all $p$ tests is represented
by the $p$-tuple

$$x = (x_1, x_2, \ldots, x_p).$$

This vector of test outcomes is called an internal syndrome of the system and the
space of all internal syndromes is denoted by $Z^p$.

Failures are assumed to be permanent and deterministic so that a given set
of failures occurring simultaneously always produces a single unique syndrome.
Yet, because of the complexity allowed in the definition of an elementary fault
situation, more than one syndrome may be associated with a given admissible
fault situation.

The fault model defined in this paper uses a point-to-set map to represent
this uncertainty. Each choice of a set of admissible fault situations and a given
testing procedure defines a unique admissible fault situation - syndrome (AFSS)
map $G(\cdot)$ from the domain $A$ of admissible fault situations to collections of
non-empty subsets in the range $Z^p$ of all possible internal syndromes. The
assumption that the sets $E$, $T$, and $Z$ are finite implies that the AFSS map can
be represented in a tabular form by an AFSS table.

Although the set $Z$ may reflect some internal structure of a testing
procedure, such knowledge may not be available if information is lost in the
process of observing the syndromes. This occurs, for example, if different test
outcome values representing internal properties of the model cannot be
distinguished by an observer. In order to introduce this concept into the fault
model, let

$$Y = \{0, 1, 2, \ldots, r-1\}$$

be the set of possible observations of test outcomes, and let the observation
process be represented by a map

$$H(\cdot): Z \to Y.$$

In this paper we consider only those observation processes that can be
decomposed into observations of individual test outcomes. The observation of an
internal syndrome is thus represented by the map

$$H(x) = (H(x_1), H(x_2), \ldots, H(x_p)),$$

where $x$ is a syndrome in $Z^p$. In this manner, the primary structure of the
model is described by the AFSS table. The map $H(\cdot)$ may be either a point-to-point
or a point-to-set map. In the latter case, it is possible to restrict the
uncertainty associated with a fault situation to the observation map and produce
a point-to-point AFSS table by choosing specific internal test outcomes.

Here we have assumed that the nonfaulty situation $F_0$ and each elementary
fault situation are admissible. Thus, $A_1 = E \cup \{F_0\}$ is the greatest lower
bound of $A$. Also, the internal test outcome '0', which represents the behavior
of a test when the system is nonfaulty, is assumed to be uniquely observable as
the observable outcome '0'. In order to remove trivial models, we have also
assumed that at least one test and more than one internal and more than one
external test outcome exist. Throughout this paper we have assumed the
following basic hypothesis.

Hypothesis 2.1: Let $S = (A, Z^p, Y^p, G(\cdot), H(\cdot))$ be a fault model. Then,

(i) $n = |E| \ge 1$

(ii) $A_1 \subseteq A$

(iii) $p = |T| \ge 1$

(iv) $q = |Z| \ge 2$

(v) $r = |Y| \ge 2$

(vi) $G(F_0) = \{(0, 0, \ldots, 0)\}$

(vii) $H(0) = 0$.

The purpose of defining such a general structure for fault models is to
allow flexibility in defining diagnosability properties and in deriving
diagnosability conditions. This paper deals primarily with the one-step $\tau$-fault
diagnosability property [PRE67], in which all admissible fault situations of cardinality $\tau$ or
less can be repaired by replacing all faulty and only faulty components after
only one application of the testing procedure.

Definition 2.2: A fault model $S$ is one-step $\tau$-fault diagnosable if and only if $\tau$ is
such that $1 \le \tau \le n$, and for every pair of fault situations $F_a, F_b$ in $A \cap A_\tau$ such
that $F_a \neq F_b$,

$$H(G(F_a)) \cap H(G(F_b)) = \emptyset.$$


3. MORPHIC FAULT MODELS

Without additional structure in the fault model, one cannot simplify the
conditions for one-step $\tau$-fault diagnosability beyond the definition. Under the
basic hypothesis, the only inherent structure of the fault models exists in the
set $A_n$ by virtue of the union operation. For this set, the union operation is an
associative and commutative binary operation, and the fault situation $F_0$
functions as the unique identity element. This inherent structure is of value when
multiple faults (fault situations of cardinality greater than one) are admissible
and the binary operation on $A_n$ is in some manner "preserved" by the maps
$G(\cdot)$ and $H(\cdot)$. This implies that multiple fault syndromes can be obtained
from the syndromes of their elementary fault components. When this is
possible, the model is said to possess a morphic property [HAV81].

Morphic properties are of great importance in reducing the complexity of
fault models, since they imply that the analysis of a model's diagnosability and
the development of diagnostic algorithms can be based solely on the knowledge
of the elementary fault syndromes. The presence of a morphic property also
reduces the complexity of determining and storing the AFSS table by several
orders of magnitude. One should note that the existing graphical fault models
[BAR76, HOL79, PRE67, RUS75a, SOG64] have reduced their complexity in
exactly this way; the graph is actually a description of the elementary fault
situation and syndrome association. Moreover, the complexity of determining
the existence of diagnosability properties and deriving diagnostic algorithms is
also reduced in these models. Evidence for this is found in the existence of
system-level diagnostic algorithms [COR76, KAM75, MEY78, MEY79,
MEY81, SMI79] that correspond only to models with morphic properties.
3.1 WEAKLY MORPHIC PROPERTY

The morphic properties we are considering occur when an associative and
commutative binary operation between internal test outcomes exists, called a
morphic map.

Definition 3.1.1: A morphic map is an associative and commutative binary
operation $*$ on the set $Z$ of internal test outcomes.

Let $a = (a_1, a_2, \ldots, a_p)$ and $b = (b_1, b_2, \ldots, b_p)$ be syndromes in $Z^p$; then
$a * b$ is the syndrome defined by

$$a * b = (a_1 * b_1, a_2 * b_2, \ldots, a_p * b_p).$$

Let $Q$ and $R$ be subsets of syndromes in $Z^p$; then $Q * R$ is the subset of
syndromes defined by

$$Q * R = \{ a * b \mid (a, b) \in Q \times R \}.$$

When all fault situations are admissible and all multiple fault syndromes
can be calculated from the elementary fault syndromes using a morphic map,
the model is said to be weakly morphic.

Definition 3.1.2: A fault model $S$ is weakly morphic with respect to the morphic
map $*$ if and only if

(i) $A = A_n$, and

(ii) for every $F$ in $A$, such that $|F| > 1$,

$$G(F) = G(f_{i_1}) * G(f_{i_2}) * \cdots * G(f_{i_{|F|}})$$


IfI 


where $f_{i_j} \in F$, and


Fault models that are not weakly morphic may possess a weakly morphic
approximation from which diagnosability properties can be implied.

Definition 3.1.3: The fault model $S^* = (A_n, Z^p, Y^p, G^*(\cdot), H(\cdot))$ is the weakly
morphic approximation of a fault model $S = (A, Z^p, Y^p, G(\cdot), H(\cdot))$ with respect
to the morphic map $*$ if and only if (i) $S^*$ is weakly morphic with respect to $*$,
and (ii) $G(F) \subseteq G^*(F)$ for every $F$ in $A$.

3.2 DETECTABLE SUBSETS

Our purpose is to determine those conditions of the fault model that
ensure good diagnosability properties. By considering the class of weakly
morphic fault models, we can reduce this task to that of finding those
conditions of elementary fault syndromes and morphic maps that ensure
diagnosability. It is particularly interesting to examine the consequences of assuming that
the test outcome "0" functions as the identity element of the set $Z$ with respect
to the morphic map.

Definition 3.2.1: A fault model $S$ satisfies the Irredundancy Hypothesis if and only
if $S$ is weakly morphic with respect to a morphic map $*$ such that $0 * a = a$ for
every $a$ in $Z$.

As a consequence of this hypothesis, not only do the diagnosability
conditions of the fault model depend only on the elementary fault syndromes, but
only on the nonzero outcomes of these syndromes. This is a characteristic of
systems that are not redundant. In such systems, the presence of an
elementary fault situation that always causes a certain test to have a "0" test outcome
can never be detected by that test, even if combined with other fault situations.
The Irredundancy Hypothesis thus represents a strong assumption on the
nature of the fault model. One should note, however, that all system-level
fault models referred to in this paper have representations satisfying this
hypothesis.
The Irredundancy Hypothesis leads to an important concept related to
diagnosability conditions for these models. This concept is that the syndromes of a
fault situation can be divided into portions, i.e., subsets of tests, such that the
test outcomes in a given portion depend only on a subset of elementary faults
in the fault situation. There is thus a "decoupling" between some elementary
faults and some test outcomes that permits diagnosability conditions to be
simplified. When the test outcomes in one portion of the syndromes ensure
that all the syndromes of a given fault situation are nonzero, then the subset of
elementary faults associated with that portion of the syndrome is called a
detectable subset of the fault situation. We will show that a great deal of
information, and in some cases all information, about the diagnosability of a
fault model can be ascertained by examining only detectable subsets.

Definition 3.2.2: Let $S$ be a fault model and let $F$ be an admissible fault
situation. A set $B$ of elementary faults is a detectable subset of $F$ if and only if

(i) $B \neq \emptyset$

(ii) $B \subseteq F$

(iii) for every $a \in H(G(F))$ an index $k$ exists, such that $1 \le k \le p$, where
$a_k \neq 0$ and for every $f \in F - B$

(iv) the only subset of $B$ satisfying (i), (ii) and (iii) is $B$ itself.

The family of all detectable subsets associated with a fault situation
characterizes the detectability of the fault situation. It is therefore convenient to
introduce the concept of a detectability map.

Definition 3.2.3: The detectability map $A(\cdot)$ of a fault model $S$ is the point-to-set
map from $A$ to $A_n$ defined for every $F$ in $A$ by

$$A(F) = \{ B \in A_n \mid B \text{ is a detectable subset of } F \}.$$
The term "detectable" in these definitions is appropriate since one can
easily show that a fault situation $F$ is always distinguishable from the nonfaulty
situation if and only if $A(F) \neq \emptyset$. Thus, a necessary condition for a fault model
to be one-step $\tau$-fault diagnosable is that $A(F) \neq \emptyset$ for all $F$ in $A \cap A_\tau$.

The importance of defining detectable subsets is that sufficient conditions
for one-step $\tau$-fault diagnosability for models satisfying the Irredundancy
Hypothesis have been determined based on these subsets. Given in the
following sections, these conditions make use of the fact that if $B$ is a detectable
subset of a fault situation $F$, then $B$ is also a detectable subset of every fault
situation $F'$ where $B \subset F' \subset F$. This fact justifies condition (iv) of Definition 3.2.2, in
which only the smallest subsets satisfying conditions (i), (ii) and (iii) are
included. One should also note that for a model satisfying the Irredundancy
Hypothesis, if $F$ is a fault situation and $B \in A(F)$, then a test $k$ exists such that

$$G(F)_k = G(B)_k * G(F - B)_k = G(B)_k.$$

From the preceding comments, one would expect that determining the
syndromes in $G(F)$, and deriving diagnosability conditions is easier when
$|B| \ll |F|$, because this implies the maximum amount of "decoupling"
between faults and test outcomes. It is therefore not surprising that fault
models exist in which all detectable subsets consist of exactly one elementary
fault situation [PRE67, RUS75a]. Such cases demonstrate that diagnosability
conditions have been greatly simplified.


4. SUFFICIENT CONDITIONS FOR ONE-STEP $\tau$-FAULT DIAGNOSABILITY

The model and properties defined in the preceding sections can be used to
derive new conditions for one-step $\tau$-fault diagnosability. In this section,
sufficient conditions are derived for models satisfying the Irredundancy
Hypothesis. Since all known system-level fault models have representations
satisfying this hypothesis, these conditions have a wide application. As an
example, the conditions are applied to the fault model of Preparata, Metze and
Chien [PRE67] and, in particular, diagnosability conditions based on the
Irredundancy Hypothesis are compared to those derived by Hakimi and Amin
[HAK74]. (The proofs of theorems and lemmas in this section can be found in
Section 6 of this paper.)

4.1 DIAGNOSABILITY THEOREMS

In the following results, we demonstrate that the Irredundancy Hypothesis
relates conditions involving detectable subsets with one-step $\tau$-fault
diagnosability. We provide the basic conditions on the detectability map $A(\cdot)$ that ensure
one-step $\tau$-fault diagnosability in Lemma 4.1.1. These conditions can be
simplified using Lemma 4.1.2, and this result is given in Theorem 4.1.3. A
special case of the map $A(\cdot)$ that applies to existing fault models [PRE67,
RUS75a] is given in Definition 4.1.4 and the resulting diagnosability conditions
are given in Theorem 4.1.5.

The definition of one-step $\tau$-fault diagnosability involves comparing the
syndromes for each pair of fault situations in the set $P_1(\tau)$, where

$$P_1(\tau) = \{ \{F_a, F_b\} \mid F_a, F_b \in A_\tau,\ F_a \neq F_b \}$$

for every $\tau$ such that $1 \le \tau \le n$. The following lemma uses the pairs of fault
situations in $P_1(\tau)$ to relate conditions on the map $A(\cdot)$ with one-step $\tau$-fault
diagnosability.

Lemma 4.1.1: Let $S$ satisfy the Irredundancy Hypothesis and let $\tau$ be such that
$1 \le \tau \le n$. If to every pair $\{F_a, F_b\}$ in $P_1(\tau)$ there corresponds a set $B$ in
$A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or $B \cap F_b = \emptyset$, then $S$ is one-step $\tau$-fault
diagnosable.

Instead of using the set $P_1(\tau)$, one may use a smaller set $P_2(\tau)$ where

$$P_2(\tau) = \{ \{F_a, F_b\} \mid F_a, F_b \in A_\tau,\ |F_a \cup F_b| \ge \tau,\ |F_a \cap F_b| = \min(|F_a \cup F_b| - 1,\ 2\tau - |F_a \cup F_b|) \}$$

for every $\tau$ such that $1 \le \tau \le n$.

Clearly, $P_2(\tau)$ is always a subset of $P_1(\tau)$. If, for example, $n = 5$, then
$|P_2(1)| = |P_1(1)| = 15$; however, $|P_2(2)| = 65$ is less than $|P_1(2)| = 120$ and
$|P_2(3)| = 75$ is less than $|P_1(3)| = 325$. The following lemma shows that the
conditions of Lemma 4.1.1 can be verified by examining only pairs of fault
situations in $P_2(\tau)$.

Lemma 4.1.2: If to every pair $\{F_a, F_b\}$ in $P_2(\tau)$ there corresponds a set $B$ in
$A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or $B \cap F_b = \emptyset$, then to every pair $\{F_a, F_b\}$
in $P_1(\tau)$ there corresponds a set $B$ in $A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or
$B \cap F_b = \emptyset$.

Lemmas 4.1.1 and 4.1.2 immediately imply the following theorem.

Theorem 4.1.3: Let $S$ satisfy the Irredundancy Hypothesis and let $\tau$ be such that
$1 \le \tau \le n$. If to every pair $\{F_a, F_b\}$ in $P_2(\tau)$ there corresponds a set $B$ in
$A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or $B \cap F_b = \emptyset$, then $S$ is one-step $\tau$-fault
diagnosable.
It is interesting to examine the consequences of assuming that all
detectable subsets in $A(F)$ contain one and only one elementary fault situation.

Definition 4.1.4: A map $A(\cdot): A \to A_n$ satisfies the Cardinality Condition if and only
if $|B| = 1$ for every $B \in A(F)$ and every $F \in A$.

As a consequence of $A(\cdot)$ satisfying the Cardinality Condition, the
conditions ensuring one-step $\tau$-fault diagnosability reduce to that of considering only
the cardinality of $A(F)$.

Theorem 4.1.5: Let $S$ satisfy the Irredundancy Hypothesis, let $A(\cdot)$ satisfy the
Cardinality Condition and let $\tau$ be such that $1 \le \tau \le n$. If

$$|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$$

for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$, then $S$ is one-step $\tau$-fault diagnosable.

4.2 APPLICATION TO THE PMC FAULT MODEL

In this section, we will consider the following representation of the
Preparata, Metze and Chien (PMC) [PRE67] model based on the graphical
description given in [HAK74].

Definition 4.2.1: Let $G(V, C)$ be the graphical description of a PMC fault model.
$S = (A_n, \{0,1,2\}^p, \{0,1\}^p, G(\cdot), H(\cdot))$ is a type 1 representation of this PMC
model if and only if

(i) $n = |V|$

(ii) $p = |C|$

(iii) for every $(v_i, v_j) \in C$, $1 \le k \le p$ exists such that for every $F \in A_n$

$$G(F)_k = \begin{cases} 2, & f_i \in F \\ 1, & f_i \notin F,\ f_j \in F \\ 0, & \text{otherwise} \end{cases}$$

(iv) $H(0) = 0$, $H(1) = 1$ and $H(2) = \{0, 1\}$.

This representation of a PMC fault model implies a one-to-one
correspondence between units (vertices) in $V$ and elementary fault situations in $E$, and
between edges in $C$ and tests in $T$. This representation is meaningful since a
subset of faulty units in $V$ corresponds to every $F \in A_n$, and $H(G(F))$ is equal
to the syndromes for this set of faulty units. The following lemmas show that a
type 1 representation of a PMC model satisfies the Irredundancy Hypothesis
and $A(\cdot)$ satisfies the Cardinality Condition.

Lemma 4.2.2: If $S$ is a type 1 representation of a PMC fault model, then $S$ is
weakly morphic with respect to a morphic map $*$, where $0*0 = 0$, $0*1 = 1*0 = 1$
and $0*2 = 1*2 = 2*0 = 2*1 = 2$. (The values $1*1$ and $2*2$ are not used in this
representation.)

Corollary 4.2.3: If $S$ is a type 1 representation of a PMC fault model, then $S$
satisfies the Irredundancy Hypothesis.

Lemma 4.2.4: If $S$ is a type 1 representation of a PMC fault model, then for
every $F \in A_n$,

$$A(F) = \{ f \in F \mid 1 \le k \le p \text{ exists where } G(f)_k = 1 \text{ and } G(f')_k = 0, \text{ for all } f' \in F - \{f\} \}.$$

Corollary 4.2.5: If $S$ is a type 1 representation of a PMC fault model, then $A(\cdot)$
satisfies the Cardinality Condition.

The preceding corollaries and Theorem 4.1.5 immediately imply the
following theorem.

Theorem 4.2.6: Let $S$ be a type 1 representation of a PMC fault model, and let $\tau$
be such that $1 \le \tau \le n$. If

$$|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$$

for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$, then $S$ is one-step $\tau$-fault diagnosable.

Using Theorem 4.2.6, one can reconstruct the diagnosability conditions
derived by Hakimi and Amin [HAK74] and show that condition 1 of Theorem
2 [HAK74], that is, $n > 2\tau$, is actually implied by the other conditions of that
theorem.

Lemma 4.2.7: Let $S$ be a type 1 representation of a PMC fault model, and let $\tau$
be such that $1 \le \tau \le n$. Every unit in the PMC model is tested by $\tau$ others
(condition 2 [HAK74]) if and only if $|A(F)| = \tau$ for every $F \in A_n$, $|F| = \tau$.

Lemma 4.2.8: Let $S$ be a type 1 representation of a PMC fault model, and let $\tau$
be such that $1 \le \tau \le n$. For every $r$ such that $0 \le r < \tau$, and every $X \subset V$ such
that $|X| = n - 2\tau + r$, $|\Gamma X| > r$ (condition 3 [HAK74]) if and only if
$|A(F)| > 2\tau - |F|$ for every $F \in A_n$, $\tau < |F| \le 2\tau$.

Theorem 4.1.5 and Lemmas 4.2.7 and 4.2.8 immediately imply the
following theorem and show that conditions 2 and 3 [HAK74, Theorem 2] alone are
sufficient for one-step $\tau$-fault diagnosability.

Theorem 4.2.9: Let $S$ be a type 1 representation of a PMC fault model, and let $\tau$
be such that $1 \le \tau \le n$. If every unit in the PMC model is tested by $\tau$ others
(condition 2 [HAK74]), and for every $r$ such that $0 \le r < \tau$, and every $X \subset V$
such that $|X| = n - 2\tau + r$, $|\Gamma X| > r$ (condition 3 [HAK74]), then $S$ is one-step
$\tau$-fault diagnosable.

The following lemma shows that $n > 2\tau$ (condition 1 [HAK74]) is implied
by the conditions of Theorem 4.2.6.

Lemma  4.2.10:  Let  5  be  a  type  1  representation  of  a  PMC  fault  model,  and  let  r 
be  such  that  1  <r</t.  If 
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|ACF)|  >  mil*  1/1-1,27-1/1) 

for  every  F€AH  such  that  r<  1/“  l<2r,  then  n  >2 r. 

In  the  special  case  of  the  PMC  fault  model  in  which  no  two  units  test  each 
other,  the  diagnosability  conditions  of  Theorem  4.2.6  can  be  further  simplified. 

Lemma  4.2.11:  Let  S  be  a  type  1  representation  of  a  PMC  fault  model  in  which 
no  two  units  test  each  other,  and  let  r  be  such  that  then 

IU(/)H  >  min(  1/1-1.27-1/1) 

for  every  F£An  such  that  r<  I/1  |]<2t  if  and  only  if  I  A(/)D  —  r  for  every 
F€An  such  that  I/I-t. 

Theorem  4.2.6  and  Lemmas  4.2.7  and  4.2.11  immediately  imply  the  follow¬ 
ing  theorem,  which  is  equivalent  to  Theorem  1  of  [HAK74]. 

Theorem 4.2.12: Let S be a type 1 representation of a PMC fault model in which no two units test each other, and let $\tau$ be such that If every unit is tested by $\tau$ other units, then S is one-step $\tau$-fault diagnosable.
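An added example, not part of the original paper: the Python code below evaluates the condition of Theorem 4.1.5 on a PMC test graph, computing $A(F)$ as characterized in Lemma 4.2.4, and compares the result with a brute-force check of one-step $\tau$-fault diagnosability. The function names, the (tester, tested) edge-list encoding, the constructed ring graphs, and the use of the standard PMC outcome semantics in the brute-force check are assumptions of this example.

```python
from itertools import combinations

def ring_tests(n, d):
    """Constructed sample graph: unit u tests units u+1 .. u+d (mod n)."""
    return [(u, (u + s) % n) for u in range(n) for s in range(1, d + 1)]

def detectable(tests, F):
    """A(F) as in Lemma 4.2.4: units of F tested by at least one unit outside F."""
    return {v for (u, v) in tests if v in F and u not in F}

def sufficient_condition(n, tests, tau):
    """True iff |A(F)| > min(|F|-1, 2*tau-|F|) for every F, tau <= |F| <= 2*tau."""
    assert 1 <= tau <= n
    for size in range(tau, min(2 * tau, n) + 1):
        for F in combinations(range(n), size):
            if len(detectable(tests, set(F))) <= min(size - 1, 2 * tau - size):
                return False  # includes F = E when n <= 2*tau (Lemma 4.2.10)
    return True

def one_step_diagnosable(n, tests, tau):
    """Brute force under the assumed PMC semantics: two fault sets have disjoint
    syndrome sets iff a tester outside both tests a unit in exactly one of them."""
    sets = [set(c) for k in range(tau + 1) for c in combinations(range(n), k)]
    for Fa, Fb in combinations(sets, 2):
        union, diff = Fa | Fb, Fa ^ Fb
        if not any((u not in union) and (v in diff) for (u, v) in tests):
            return False
    return True

if __name__ == "__main__":
    # (n, tests per unit, tau): the last two rows show the condition failing
    for n, d, tau in [(5, 2, 2), (5, 1, 1), (5, 1, 2), (4, 2, 2)]:
        t = ring_tests(n, d)
        print(n, d, tau, sufficient_condition(n, t, tau),
              one_step_diagnosable(n, t, tau))
```

In the five-unit graph where each unit tests its next two neighbours, no two units test each other and every unit is tested by two others, so the case $\tau = 2$ also matches the hypothesis of Theorem 4.2.12.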


5.  CONCLUSION 


Our research presents a new approach for determining diagnosability conditions by using a new fault model having flexible features. We have shown that without initially assuming conditions on the fault-test relationship, diagnostic conditions can be determined that have a wide application and which should lead to new testability design guidelines.

The results given in this paper were limited to sufficient conditions for one-step $\tau$-fault diagnosability. It can be shown, however, that the approach is applicable to other types of diagnosability properties and leads to necessary conditions as well. We are currently engaged in research efforts to extend this approach to transient fault situations.
6.  PROOFS 

This section contains the proofs of theorems and lemmas in Sections 4.1 and 4.2. Lemmas 6.1 and 6.3 are used to simplify these proofs.

Lemma 6.1: Let S be a fault model and let $F \in A$, then (i) for every $b \in G(F)$ an index $k$ exists such that $1 \le k \le p$, where $0 \notin H(b_k)$ if and only if (ii) for every $a \in H(G(F))$ an index $k$ exists such that $1 \le k \le p$, where $a_k \ne 0$.

PROOF: (i) $\Rightarrow$ (ii). Let $a \in H(G(F))$. This implies that $b \in G(F)$ exists such that $a \in H(b)$. Therefore, by (i), an index $k$ exists such that $1 \le k \le p$, where $0 \notin H(b_k)$, which implies $a_k \ne 0$.

(ii) $\Rightarrow$ (i). Let $b \in G(F)$. Since $H(b) \subseteq H(G(F))$, by (ii), for every $a \in H(b)$ an index $j$ exists such that $1 \le j \le p$, where $a_j \ne 0$. Therefore, $a \ne (0, 0, \ldots, 0)$ for every $a \in H(b)$. Then, since $H(b) = H(b_1) \times H(b_2) \times \cdots \times H(b_p)$, this implies that an index $k$ exists such that $1 \le k \le p$ where $0 \notin H(b_k)$. □

Lemma 6.1 and Definition 3.2.2 immediately imply an alternative definition for detectable subsets. This definition is used in the proofs of Lemmas 6.3, 4.1.1 and 4.2.4.

Corollary 6.2: Let S be a fault model and let $F$ be an admissible fault situation. A set $B$ of elementary faults is a detectable subset of $F$ if and only if

(i) B

(ii) $B \subseteq F$

(iii) for every $b \in G(F)$ an index $k$ exists such that $1 \le k \le p$ where $0 \notin H(b_k)$ and $G(f)_k = 0$ for every $f \in F - B$

(iv) the only subset of $B$ satisfying (i), (ii) and (iii) is $B$ itself.

The following lemma verifies a statement made at the end of Section 3.2 and is used in the proof of Lemma 4.1.2.

Lemma  6.3:  Let  S  satisfy  the  Inedundancy  Hypothesis,  let  F€A  such  that 
ACFW,  and  let  BtMF).  If  F€A  such  that  B  QFQF,  then  A(F). 

PROOF:  If  F—F,  then  immediately,  At F)  —AC/1).  Assume  that  FCF. 
Let  a€G(F).  By  the  weakly  marphic  property,  a*G iF—F)Q G (F).  Let 
b€a*G(F—P).  This  implies  that  b€G{F).  Since  B€  ACF),  by  Corollary  6.2 
an  index  k  exists  such  that  1<£<a  where  0$H(.bk)  and  G(/)*—  0  for  all 
f€F—B.  Since  F—F C F—B>  GCF— #)*—  0  and,  by  the  Inedundancy 
Hypothesis,  bkmmak*0,mak.  Then,  since  F—B  QF—B,  an  index  k  exists  such 
that  1  <*</>,  where  Q$H{ak)  and  G(f)k—  0  for  every  ft  F—B.  Hence, 
i?€A(.F).  O 

The remainder of this section consists of the proofs of theorems and lemmas in Sections 4.1 and 4.2.

Lemma 4.1.1: Let S satisfy the Irredundancy Hypothesis and let $\tau$ be such that $1 \le \tau \le n$. If to every pair $\{F_a, F_b\}$ in $P_1(\tau)$ there corresponds a set $B$ in $A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or $B \cap F_b = \emptyset$, then S is one-step $\tau$-fault diagnosable.

PROOF: Let $\{F_a, F_b\} \in P_1(\tau)$ and assume without loss of generality that $F_a \ne \emptyset$ and that $B \in A(F_a \cup F_b)$ exists such that $B \cap F_b = \emptyset$. Hence, $B \subseteq F_a \subseteq F_a \cup F_b$. Let $a \in G(F_a)$.

Case (1): $F_a = F_a \cup F_b$. In this case, $A(F_a) = A(F_a \cup F_b)$, and by Corollary 6.2, an index $k$ exists such that $1 \le k \le p$ where $0 \notin H(a_k)$ and $G(f)_k = 0$ for every $f \in F_a - B$. Then, since $F_b \subseteq F_a - B$, by the Irredundancy Hypothesis

Case (2): $F_a \subset F_a \cup F_b$. In this case, by the weakly morphic property, $a * G(\{F_a \cup F_b\} - F_a) \subseteq G(F_a \cup F_b)$. Let $b \in a * G(\{F_a \cup F_b\} - F_a)$; then $b \in G(F_a \cup F_b)$. Since $B \in A(F_a \cup F_b)$, by Corollary 6.2 an index $k$ exists such that $1 \le k \le p$ where $0 \notin H(b_k)$ and $G(f)_k = 0$ for every $f \in \{F_a \cup F_b\} - B$. Then, by the Irredundancy Hypothesis, $F_b \subseteq \{F_a \cup F_b\} - B$ implies $G(F_b)_k = 0$ and $\{F_a \cup F_b\} - F_a \subseteq \{F_a \cup F_b\} - B$ implies $G(\{F_a \cup F_b\} - F_a)_k = 0$. Therefore, $b_k = a_k$, which implies $0 \notin H(a_k)$.

Hence, in both cases (1) and (2) an index $k$ exists such that $1 \le k \le p$ where $H(a_k) \cap H(G(F_b)_k) = \emptyset$, which implies $H(a) \cap H(G(F_b)) = \emptyset$. Accordingly, since $a \in G(F_a)$ is arbitrary, $H(G(F_a)) \cap H(G(F_b)) = \emptyset$. Since this is true for any pair in $P_1(\tau)$, S is one-step $\tau$-fault diagnosable. □

Lemma 4.1.2: If to every pair $\{F_a, F_b\}$ in $P_2(\tau)$ there corresponds a set $B$ in $A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or $B \cap F_b = \emptyset$, then to every pair $\{F_a, F_b\}$ in $P_1(\tau)$ there corresponds a set $B$ in $A(F_a \cup F_b)$ such that either $B \cap F_a = \emptyset$ or $B \cap F_b = \emptyset$.

PROOF:  We  shall  prove  the  contrapositive  of  this  lemma;  that  is,  we  will 
assume  that  there  {Fa,Fb}€P1{r)  exists  such  that  for  every  B 6  A(Fa  UF*), 
BC\Fa^<f>  and  B  C\Fb?*4>,  and  then  construct  {/„,/*}€  P2(t)  such  that  for 
every  Pl£A(Ptt\Jpb\  and  PnPb^4>. 

Case  (1):  |FaU/j  Without  loss  of  generality,  let/a€Fa  such  that 
faiFb.  Let  K-»FaUF$  and  W—V-\fa\.  Since  r</t,  X QE-Fa UF*  exists 
such  that  lx  1-  r  -flFa  UFb  |.  Let  Pa-X  UK  and  Pb—X U W;  then 
{/„  ,£* }  € PjCt)  and  Fa  UF& C /a  .  By  assumption,  {fa)i  A(Fa  UFb ).  There¬ 

fore,  by  Lemma  6.3,  (/"«,}$  A(/a  U Pb).  Consequently,  since 
[fahh  u/*-FanF*,  for  every  j§€  A(£  U Pb\  &n(fianFb)*<f>.  This  implies 
that  B C\Fa^4>  and  B C\Fb*±4>. 

Case  (2):  flPaUP*fl>T.  In  this  case,  II {^,  ) — : Fa  B>t  —  \Fa  I^Oj 

thus,  V  Q{Fa  UP*}— Fa  exists  such  that  Ik  fl—  t  —  |Pa  I.  Let  Pq—V  U Fa. 
Similarly,  W  Q{Fa  U F*}— F*  exists  such  that  Iw  I—  r  — Bp*  |.  Let  £*- W  UP*. 
Consequently,  {/a fFb)€P1(.T)  and  Fa  UFb—Fa  UFb.  Hence, 

A(FaUF*)  —  A(FaUF*X  Therefore,  if  5 €  A(Fa  UP* )  exists,  then 

2?€  A(Fa  U Fb X  By  assumption,  then,  B C\Fa  ^4>,  which  implies  B  C\Fa&4>  and 

BC\Fb7*<h  which  implies  BHFbi*4>.  □ 

Theorem 4.1.5: Let S satisfy the Irredundancy Hypothesis, let $A(\cdot)$ satisfy the Cardinality Condition and let $\tau$ be such that If

$$|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$$

for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$, then S is one-step $\tau$-fault diagnosable.

PROOF: Assume that $|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$ for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$. Let $\{F_a, F_b\} \in P_2(\tau)$; then $\tau \le |F_a \cup F_b| \le 2\tau$ and $|F_a \cap F_b| = \min(|F_a \cup F_b| - 1,\ 2\tau - |F_a \cup F_b|)$. Let

$$V = \bigcup_{B \in A(F_a \cup F_b)} B.$$

Then $|B| = 1$ for all $B \in A(F_a \cup F_b)$ and $|A(F_a \cup F_b)| > \min(|F_a \cup F_b| - 1,\ 2\tau - |F_a \cup F_b|)$ imply that $|V| > \min(|F_a \cup F_b| - 1,\ 2\tau - |F_a \cup F_b|) = |F_a \cap F_b|$. Hence, $f \in V$ exists such that $f \notin F_a \cap F_b$. Since $f \in V$ if and only if $\{f\} \in A(F_a \cup F_b)$, this implies $\{f\} \in A(F_a \cup F_b)$ exists such that either $\{f\} \cap F_a = \emptyset$ or $\{f\} \cap F_b = \emptyset$. Therefore, by Theorem 4.1.3, S is one-step $\tau$-fault diagnosable. □


Lemma 4.2.2: If S is a type 1 representation of a PMC fault model, then S is weakly morphic with respect to a morphic map $*$, where $0*0 = 0$, $0*1 = 1*0 = 1$ and $0*2 = 1*2 = 2*0 = 2*1 = 2$. (The values $1*1$ and $2*2$ are not used in this representation.)

PROOF: Definition 4.2.1 satisfies Definition 3.1.2(i). Let $F \in A$ such that $|F| > 1$ and let $1 \le k \le p$. Definition 4.2.1(iii) implies that $f_i, f_j \in E$ exist such that for every $f$

$$G(f)_k = \begin{cases} 2, & f = f_i \\ 1, & f = f_j \\ 0, & \text{otherwise} \end{cases}$$

Let $*$ be the morphic map given in this lemma and let

$$G^*(F) = G(f_{i_1}) * G(f_{i_2}) * \cdots * G(f_{i_{|F|}}),$$

where $f_{i_j} \in F$, $1 \le j \le |F|$ and $\bigcup_j \{f_{i_j}\} = F$. Then, $G^*(F)_k = 2$ if and only if $f_i \in F$; $G^*(F)_k = 1$ if and only if $f_i \notin F$, $f_j \in F$; and $G^*(F)_k = 0$ if and only if $f_i \notin F$, $f_j \notin F$. Thus, $G^*(F) = G(F)$ for every $F \in A$. Hence, Definition 4.2.1 satisfies Definition 3.1.2(ii) and therefore, S is weakly morphic with respect to $*$. □

Lemma 4.2.4: If S is a type 1 representation of a PMC fault model, then for every $F \in A_n$

$$A(F) = \{\, f_j \in F \mid \text{an index } k \text{ exists where } G(f_j)_k = 1 \text{ and } G(f)_k = 0 \text{ for all } f \in F - \{f_j\} \,\}.$$


PROOF: Let $F \in A_n$ and let

$$Q(F) = \{\, f_j \in F \mid \text{an index } k \text{ exists where } G(f_j)_k = 1 \text{ and } G(f)_k = 0 \text{ for all } f \in F - \{f_j\} \,\}.$$

Let $A(F)$ be defined according to Definition 3.2.2.

Case (1): $A(F) = \emptyset$. Definition 3.2.2(iii) implies that $a \in H(G(F))$ exists such that $a = (0, 0, \ldots, 0)$. Definition 4.2.1(iv) implies that $G(F)_k \ne 1$ for every index $k$ such that $1 \le k \le p$. Therefore, by Definition 4.2.1(iii), for each index $k$ either $G(f)_k = 0$ for every $f \in F$ or $f_i \in F$ exists such that $G(f_i)_k = 2$. Hence, $Q(F) = \emptyset$, and consequently, $A(F) = Q(F) = \emptyset$.

Case (2): $A(F) \ne \emptyset$. Let $B \in A(F)$. Let $a = G(F)$; then by Corollary 6.2, an index $k$ exists such that $1 \le k \le p$ where $0 \notin H(a_k)$ and $G(f)_k = 0$ for every $f \in F - B$. Definition 4.2.1(iv) implies that $a_k = 1$. Definition 4.2.1(iii) implies that $f_j \in F$ exists such that $G(f_j)_k = 1$ and $G(f)_k = 0$ for every $f \in F - \{f_j\}$. Therefore, by Definition 3.2.2(iv), $B = \{f_j\}$ and $B \in Q(F)$. Hence, $A(F) \subseteq Q(F)$.

Let $\{f_j\} \in Q(F)$; then $f_j \in F$ and an index $k$ exists such that $1 \le k \le p$ where $G(f_j)_k = 1$ and $G(f)_k = 0$ for every $f \in F - \{f_j\}$. Definition 4.2.1(iv) implies that for every $a \in H(G(F))$, $a_k \ne 0$ and $G(f)_k = 0$ for every $f \in F - \{f_j\}$. Hence, $\{f_j\} \in A(F)$, and thus, $Q(F) \subseteq A(F)$. Therefore, $A(F) = Q(F)$. □

Lemma 4.2.7: Let S be a type 1 representation of a PMC fault model, and let $\tau$ be such that $1 \le \tau \le n$. Every unit in the PMC model is tested by $\tau$ others (condition 2 [HAK74]) if and only if $|A(F)| = \tau$ for every $F \in A_n$, $|F| = \tau$.

PROOF: Let $f_j \in E$ and define $T(f_j) = \{\, f_i \in E \mid (v_i, v_j) \in C,\ i \ne j \,\}$. Then, each unit in the PMC model that tests unit $v_j$ corresponds to an elementary fault in $T(f_j)$.

First, assume every unit in the PMC model is tested by at least $\tau$ others. Then, for every $f \in E$, $|T(f)| \ge \tau$. Let $F \in A_n$ such that $|F| = \tau$, and let $f_j \in F$. Since $f_j \notin T(f_j)$ and $|T(f_j)| \ge \tau$, $f_i \in T(f_j)$ exists such that $f_i \notin F$. Therefore, by Definition 4.2.1(iii) an index $k$ exists such that $1 \le k \le p$ where $G(f_i)_k = 2$ and $G(f_j)_k = 1$. Hence, $f_j \in A(F)$. Since this is true for any $f_j \in F$, $A(F) = F$ and therefore, $|A(F)| = |F| = \tau$.

Second, assume that a unit in the PMC model exists that is tested by fewer than $\tau$ others. Then $f_j \in E$ exists such that $|T(f_j)| < \tau$. Let $W \subseteq E - \{f_j\} \cup T(f_j)$ such that $|W| = \tau - 1 - |T(f_j)|$. Let $F = \{f_j\} \cup T(f_j) \cup W$; then, $|F| = \tau$. By Definition 4.2.1(iii), for every index $k$ such that $1 \le k \le p$ and $G(f_j)_k = 1$, $f_i \in T(f_j)$ exists such that $G(f_i)_k = 2$. Thus, $f_i \in F$ implies that $f_j \notin A(F)$. Hence, $|A(F)| < |F| = \tau$. □

Lemma 4.2.8: Let S be a type 1 representation of a PMC fault model, and let $\tau$ be such that $1 \le \tau \le n$. For every $r$ such that $0 \le r < \tau$ and every $X \subset V$ such that $|X| = n - 2\tau + r$, $|\Gamma X| > r$ (condition 3 [HAK74]) if and only if $|A(F)| > 2\tau - |F|$ for every $F \in A_n$, $\tau < |F| \le 2\tau$.

PROOF: Let $X \subseteq V$. Then let $F \in A_n$ be defined such that $f_i \in F$ if and only if $v_i \notin X$. Then $F$ is the set of elementary faults corresponding to the vertices in the complement of $X$. By definition [HAK74], $\Gamma X = \{\, v_j \notin X \mid (v_i, v_j) \in C,\ v_i \in X \,\}$. By Definition 4.2.1(iii), $(v_i, v_j) \in C$ if and only if an index $k$ exists such that $1 \le k \le p$ where $G(f_i)_k = 2$ and $G(f_j)_k = 1$. Hence, $v_j \in \Gamma X$ if and only if $f_j \in A(F)$. Therefore, $|\Gamma X| = |A(F)|$.

First, assume for every $r$ such that $0 \le r < \tau$, and for every $X \subseteq V$ such that $|X| = n - 2\tau + r$, that $|\Gamma X| > r$. Let $F \in A_n$ such that $\tau < |F| \le 2\tau$. Let $r = 2\tau - |F|$; then $0 \le r < \tau$ and $|X| = n - |F| = n - 2\tau + r$. Then, $|A(F)| = |\Gamma X| > r = 2\tau - |F|$.

Second, assume that $|A(F)| > 2\tau - |F|$ for every $F \in A_n$ such that $\tau < |F| \le 2\tau$. Let $X \subset V$ and let $0 \le r < \tau$ such that $|X| = n - 2\tau + r$. Then, $|F| = n - |X| = 2\tau - r$ and $\tau < |F| \le 2\tau$. Hence, $|\Gamma X| = |A(F)| > 2\tau - |F| = r$. □

Lemma 4.2.10: Let S be a type 1 representation of a PMC fault model, and let $\tau$ be such that $1 \le \tau \le n$. If

$$|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$$

for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$, then $n > 2\tau$.

PROOF: Note that for a type 1 representation of a PMC model, $|A(E)| = 0$. Assume that $|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$ for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$, and assume that $n$ is such that $\tau \le n \le 2\tau$.

If $n = \tau$, then $|A(F)| = 0 \le \min(n - 1,\ 2n - n) = n - 1$ is a contradiction. If $\tau < n \le 2\tau$, then $|A(F)| = 0 \le \min(n - 1,\ 2\tau - n) = 2\tau - n$ is a contradiction. Therefore, $n > 2\tau$. □

Lemma 4.2.11: Let S be a type 1 representation of a PMC fault model in which no two units test each other, and let $\tau$ be such that $1 \le \tau \le n$; then,

$$|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$$

for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$ if and only if $|A(F)| = \tau$ for every $F \in A_n$ such that $|F| = \tau$.

PROOF: Assumption (1): $|A(F)| = \tau$ for every $F \in A_n$ such that $|F| = \tau$. Assumption (2): $F_a \in A_n$ exists such that $\tau < |F_a| \le 2\tau$ and $|A(F_a)| \le 2\tau - |F_a|$. From assumptions (1) and (2) we derive a contradiction, thus proving that if assumption (1) holds, assumption (2) cannot hold.

Let $f_j \in E$ and define $T(f_j) = \{\, f_i \in E \mid (v_i, v_j) \in C,\ i \ne j \,\}$. Then, each unit in the PMC model that tests unit $v_j$ corresponds to an elementary fault in $T(f_j)$.

By Lemma 4.2.7, assumption (1) implies that $|T(f)| \ge \tau$ for every $f \in E$.

Assumption (2) implies that $|F_a - A(F_a)| \ge 2$. Lemma 4.2.4 and Definition 4.2.1(iii) imply that for every $f \in F_a - A(F_a)$, $T(f) \subseteq F_a$. Let $T_a(f) = T(f) \cap \{F_a - A(F_a)\} = T(f) - \{A(F_a) \cap T(f)\}$. Then $|T_a(f)| \ge \tau - |A(F_a)|$. Consequently,

$$\sum_{f \in F_a - A(F_a)} |T_a(f)| \ \ge\ \big(|F_a - A(F_a)|\big)\big(\tau - |A(F_a)|\big).$$

(The quantity $\sum_{f \in F_a - A(F_a)} |T_a(f)|$ represents the number of distinct tests $t_k \in T$ such that $f_j \in F_a - A(F_a)$ and $f_i \in F_a$ exist where $G(f_j)_k = 1$ and $G(f_i)_k = 2$.)

If no two units test each other, then $f_i \in T(f_j)$ implies that $f_j \notin T(f_i)$. Therefore, $f_i \in T_a(f_j)$ implies that $f_j \notin T_a(f_i)$. Consequently,

$$\sum_{f \in F_a - A(F_a)} |T_a(f)| \ \le\ \frac{\big(|F_a - A(F_a)|\big)\big(|F_a - A(F_a)| - 1\big)}{2}.$$

Combining these bounds yields

$$\frac{\big(|F_a - A(F_a)|\big)\big(|F_a - A(F_a)| - 1\big)}{2} \ \ge\ \big(|F_a - A(F_a)|\big)\big(\tau - |A(F_a)|\big),$$

or equivalently, since $|F_a - A(F_a)| = |F_a| - |A(F_a)|$,

$$|A(F_a)| \ \ge\ 2\tau - |F_a| + 1,$$

which contradicts assumption (2).

Therefore, whenever no two units in the PMC model test each other, the condition $|A(F)| = \tau$ for every $F \in A_n$ such that $|F| = \tau$ implies that $|A(F)| > \min(|F| - 1,\ 2\tau - |F|)$ for every $F \in A_n$ such that $\tau \le |F| \le 2\tau$. The converse is immediate. □